73 matches found
CVE-2021-26401
CVE-2021-26401 concerns Spectre Variant 2 mitigation on AMD CPUs. The description states that LFENCE/JMP mitigation (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD processors. AMD advisories (AMD-SB-1040 and AMD-SB-1036) discuss mitigations and supported approaches: use ...
CVE-2023-20593
CVE-2023-20593 is described as a vulnerability in AMD/Zen 2 microarchitectural behavior that could allow an attacker to access sensitive information under specific conditions. In the provided documents, the description is broad and does not list concrete affected products, versions, root cause de...
CVE-2022-29900
CVE-2022-29900 describes mis-trained branch predictions for return instructions that may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Connected advisories confirm this affects Linux-kernel components (e.g., linux-5.10 in Astra Linux; multiple Am...
CVE-2022-23825
CVE-2022-23825 affects AMD processors where branch-predictor aliases can cause misclassification of branches, potentially exposing information. The connected advisories show Linux kernel mitigations are being released for Amazon Linux 2/ALAS kernels (e.g., ALAS2KERNEL-5.10-2025-086 and ALAS2KERNE...
CVE-2021-26341
CVE-2021-26341 affects AMD CPUs; transient execution beyond unconditional direct branches may leak data. Public details describe local access risk with low NVD CVSS v2 but medium CVSS v3.1 (6.5) and local attack vector. Connected advisories (MiracleLinux, IBM/Red Hat and others) mention this CVE ...
CVE-2022-27672
CVE-2022-27672 describes a local information disclosure vulnerability on certain AMD CPUs where, when SMT is enabled, the processor may speculatively execute instructions using a target from the sibling thread after an SMT mode switch. The underlying issue is tied to speculative execution across ...
CVE-2022-23824
Summary: CVE-2022-23824 is listed as a Xen-related vulnerability in Debian security advisories and Gentoo GLSA, indicating multiple vulnerabilities in the Xen hypervisor that could lead to privilege escalation, denial of service, or information leaks. The Debian entry explicitly groups CVE-2022-2...
CVE-2023-20592
CVE-2023-20592 covers AMD CPUs where improper behavior of the INVD instruction could let a malicious hypervisor affect cache line write-back and potentially compromise guest VM memory integrity. Public documents in the connected set describe the issue across multiple IBM Power HMC/LINUX-firmware ...
CVE-2022-23823
CVE-2022-23823 describes a timing-attack information disclosure risk on AMD processors with DVFS. Connected sources show F5 advisories (K43357358) tying Hertzbleed to BIG-IP on AMD CPUs, listing affected BIG-IP branches (e.g., 17.x up to 17.5.03) with “Will not fix” for some lines, and provide a ...
CVE-2021-26350
The CVE-2021-26350 entry describes a TOCTOU race in the AMD System Management Unit (SMU) that could allow a caller to obtain and manipulate the address of a message port register, potentially causing denial of service. The linked SUSE/SUSE-SU advisories enumerate this vulnerability alongside othe...
CVE-2021-26316
CVE-2021-26316 describes a BIOS-level input/communication buffer validation flaw in AMD platforms that may allow a local attacker with low privileges to tamper BIOS buffers and trigger SMM (System Management Mode) arbitrary code execution. Connected sources confirm the root cause is inadequate va...
CVE-2021-26372
CVE-2021-26372 is present in multiple SUSE kernel-firmware advisories (e.g., SUSE-SU-2022:1840/1846/1847-1) as part of a set of issues affecting the System Management Unit (SMU) and AMD-related firmware. The core issue is insufficient bound checks related to PCIE in the SMU, which could allow acc...
CVE-2021-26376
CVE-2021-26376 is referenced across multiple SUSE kernel-firmware advisories (SUSE-SU-2022-1840/1846/1847-1, etc.) as part of a family of SMU flaws. The description in the CVE entry states that insufficient checks in the System Management Unit (SMU) FeatureConfig may reenforce features and cause ...
CVE-2021-26347
CVE-2021-26347 is referenced in several advisories as part of AMD/ kernel-firmware updates. The description states a failure to validate the integer operand in the AMD Secure Processor bootloader could allow an integer overflow in the L2 directory table in SPI flash, potentially causing a denial ...
CVE-2021-26375
Technical details for CVE-2021-26375 are not publicly provided in the supplied documents; no affected products, exploit vectors, or fixes are stated here. Monitor for updates from the listed advisories.
CVE-2021-46744
Technical details about CVE-2021-46744 are not publicly provided in the supplied Connected documents. The initial entry mentions a SEV data-inference risk on AMD SEV guests, but no product/version/root-cause/fix is given here. Monitor for updates.
CVE-2021-26388
CVE-2021-26388 matches the initial description: improper validation of the BIOS directory can cause reads beyond the RAM directory table, exposing out-of-bounds memory and potentially causing a denial of service. Connected advisories (SUSE-SU-2022:1840-1, 1846-1, 1847-1) reference this CVE as par...
CVE-2021-26378
CVE-2021-26378 is an SMU (System Management Unit) bound-check issue that can cause denial of service by exposing invalid address space. The descriptor in the initial document states only a bound-check deficiency in the SMU leading to DoS, with CVSS v3.1 base score 5.5 (Local, Low privileges requi...
CVE-2021-26364
CVE-2021-26364 affects a system with insufficient bounds checking in an SMU mailbox register, potentially allowing reading beyond the SRAM address range and triggering an exception handling path that could cause a denial of service. The description in the CVE notes this could occur locally and co...
CVE-2021-26373
CVE-2021-26373 involves insufficient bound checks in the System Management Unit (SMU) that can cause a system voltage malfunction and potentially deny resources or service. The connected advisories (SUSE kernel-firmware updates SUSE-SU-2022:1840/1846/1923 and related OpenVAS entries) indicate thi...
CVE-2021-26408
The CVE-2021-26408 issue affects AMD SEV-legacy firmware, where insufficient validation of elliptic curve points during SEV-legacy guest migration could lead to loss of guest integrity or confidentiality. This is rooted in inadequate point validation within SEV-legacy firmware. According to the c...
CVE-2021-26370
Summary: CVE-2021-26370 describes an improper validation of the destination address in AMD EPYC UApp/ABL handling via SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB. Affected product/area: AMD EPYC server processors featuring UApp/ABL (as described in related sources). The issue conc...
CVE-2023-20521
CVE-2023-20521 describes a TOCTOU flaw in the AMD ASP Bootloader that could let an attacker with physical access tamper SPI ROM records after memory verification, risking confidentiality loss and potential DoS. Connected sources (SUSE kernel-firmware updates and AMD/SUSe advisories) confirm this ...
CVE-2020-12954
CVE-2020-12954 relates to an AMD Platform Security Processor (ASP) boot loader header where improper input and range validation can allow attacker-controlled values before signature verification, potentially enabling arbitrary code execution and bypassing SPI ROM protections to modify SPI ROM. Th...
CVE-2021-26312
CVE-2021-26312 is addressed in SUSE kernel-firmware updates. The advisory notes that failure to flush the IOMMU TLB may allow an IO device to access memory it should not, potentially compromising integrity. SUSE’s fixes update kernel-firmware to versions 20220411 (AMD microcode updates) and 20220...
CVE-2023-20575
CVE-2023-20575 describes a potential power side-channel vulnerability in some AMD processors that could allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM , potentially leaking sensitive information. The AMD security bull...
CVE-2021-46778
CVE-2021-46778 describes an information-disclosure side-channel vulnerability in AMD CPUs with SMT (Zen 1–Zen 4). The root cause is execution unit scheduler contention on SMT-enabled cores, allowing an attacker to infer data by measuring scheduler-queue contention. Public documents identify affec...
CVE-2021-26371
The CVE-2021-26371 entry concerns AMD Secure Processor (ASP)/AMD System Management Unit (SMU) where a compromised ABL or UApp could trigger a SHA256 system call to the bootloader, potentially exposing ASP memory to userspace and causing information disclosure. Technical details from connected sou...
CVE-2021-26398
CVE-2021-26398 affects the AMD Secure Processor (ASP) via insufficient input validation in SYS_KEY_DERIVE. A compromised user application or ABL may corrupt ASP OS memory, potentially enabling arbitrary code execution. Public details identify the vulnerability and associated risk to ASP/firmware,...
CVE-2020-12966
CVE-2020-12966 corresponds to an information-disclosure vulnerability in AMD EPYC processors’ SEV-ES and SEV-SNP. A local authenticated attacker could leak guest data via the malicious hypervisor. Affected products include AMD EPYC generations with SEV/SEV-ES, with SEV-SNP enabling a mitigation p...
CVE-2021-26354
CVE-2021-26354 affects AMD’s ASP/Bootloader pathway (ASP/ABL) with Insufficient bounds checking that may allow a system call from a compromised ABL, initializing arbitrary memory to zero and potentially compromising integrity. The vulnerability is documented across multiple sources (NVD entry and...
CVE-2021-26402
CVE-2021-26402 describes insufficient bounds checking in the AMD Secure Processor (ASP) firmware during BIOS mailbox handling, enabling an attacker to write partially controlled data out-of-bounds into SMM or SEV-ES regions and potentially compromise integrity and availability. The issue is discu...
CVE-2020-12946
CVE-2020-12946 affects AMD’s Platform Security Processor (ASP) firmware, where insufficient input validation for discrete TPM commands could cause loss of integrity and denial of service. The issue is discussed in AMD/SUZE bulletins and is addressed by updating to specific AGESA PI software versi...
CVE-2021-26345
CVE-2021-26345 is an AMD ASP/firmware vulnerability where failure to validate the APCB value may allow a privileged attacker with physical access to tamper with the APCB token, forcing an out-of-bounds memory read and potentially causing a denial of service. Public details across SUSE OSV entries...
CVE-2021-26335
CVE-2021-26335 concerns the AMD Secure Processor (ASP) boot loader image header. The issue is improper input and range checking, enabling attacker-controlled values before signature validation and potentially allowing arbitrary code execution. In NVD/AMD documentation, the vulnerability is listed...
CVE-2021-26336
CVE-2021-26336 concerns AMD System Management Unit (SMU) with insufficient bounds checking that can cause invalid memory accesses/updates, leading to an SMU hang and the system may fail to service further requests from other components. Multiple sources confirm the issue under the SMU and referen...
CVE-2020-12988
CVE-2020-12988 affects AMD EPYC platforms (1st–3rd Gen) per AMD-SB-1021. The DoS issue is described as a hang during system reboot in the integrated chipset/AMD platform components (e.g., ASP/SMU/SEV family). Affected products include 1st Gen EPYC (Naples), 2nd Gen (Rome), and 3rd Gen (Milan) CPU...
CVE-2021-26340
CVE-2021-26340 is a published vulnerability affecting AMD SEV/SEV-ES environments. A malicious hypervisor with an unprivileged attacker process inside a guest VM may fail to flush the TLB, causing unexpected VM behavior and potential loss of integrity and confidentiality. Affected products includ...
CVE-2023-20527
CVE-2023-20527 concerns the AMD Secure Processor (ASP) Bootloader. The issue is an improper syscall input validation in the Bootloader, which may allow a privileged attacker to read memory out-of-bounds, potentially causing a denial-of-service. The CVSS v3.1 metrics indicate Network attack vector...
CVE-2023-20533
CVE-2023-20533 is documented in multiple trusted sources as a vulnerability in the AMD SMU/ASP ecosystem: it describes insufficient DRAM address validation in the System Management Unit (SMU), which may allow a DMA attacker to read/write invalid DRAM addresses and could lead to denial of service....
CVE-2021-46756
CVE-2021-46756 describes insufficient validation of inputs in SVC_MAP_USER_STACK in the AMD Secure Processor (ASP) bootloader. A malicious UApp or ABL could send malformed or invalid syscalls to the bootloader, potentially causing a denial of service and loss of integrity. The AMD security bullet...
CVE-2023-20520
CVE-2023-20520 affects the AMD Secure Processor (ASP) Bootloader. The issue is described as improper access control in the ASP Bootloader which may allow an attacker to corrupt the return address, causing a stack-based buffer overrun and potentially arbitrary code execution. Connected sources ide...
CVE-2021-46763
The CVE-2021-46763 entry concerns AMD components: the AMD Secure Processor (ASP) and AMD System Management Unit (SMU). The root cause is insufficient input validation in the SMU, which may allow a privileged attacker to write beyond the bounds of a shared memory buffer, potentially compromising i...
CVE-2021-46774
CVE-2021-46774 describes insufficient input validation in the AMD ABL, enabling a privileged attacker to perform arbitrary DRAM writes and potentially execute code or escalate privileges. Connected advisories confirm this vulnerability is among issues addressed by AMD/PI firmware updates and kern...
CVE-2021-26356
CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...
CVE-2021-46762
CVE-2021-46762 is an AMD SMU/ASP input-validation vulnerability: insufficient validation in the System Management Unit (SMU) may allow corruption of SMU SRAM, risking integrity or availability. Affected products include AMD ASP/SMU components in AMD Embedded processors; exploitation details are n...
CVE-2023-20531
CVE-2023-20531 affects the AMD System Management Unit (SMU) in AMD EPYC platforms. The root cause is insufficient bound checks in SMU, allowing an attacker to update SRAM between address spaces to an invalid value, which can lead to a denial of service. Connected documents provide concrete detail...
CVE-2020-12944
CVE-2020-12944 affects AMD Secure Processor (ASP) firmware, where insufficient validation of BIOS image length could allow arbitrary code execution. AMD documentation (AMD-SB-1027/1021) lists affected platforms across desktop, mobile and server AMD systems and provides mitigations via AGESA PI fi...
CVE-2023-20529
The CVE-2023-20529 issue affects the AMD System Management Unit (SMU) , where insufficient bound checks can allow an attacker to update the sender/receiver address space to an invalid value, potentially causing a denial of service. The vulnerability is tied to SMU/firmware handling and is documen...
CVE-2021-26338
The CVE targets AMD's System Management Unit (SMU) in AMD EPYC processors (1st–3rd Gen) where improper access controls may allow an attacker to override DRAM performance-control tables, risking resource exhaustion. Affected components/versions are stated in AMD’s bulletin AMD-SB-1021 (AGESA mitig...